
“What Could Possibly Go Wrong?” Thinking Differently About Security



Presentation Transcript


  1. “What Could Possibly Go Wrong?” Thinking Differently About Security
     Mary Ann Davidson, Chief Security Officer

  2. Agenda
     • Why Do Anything Differently?
     • Speaking Differently
     • Thinking Differently
     • Building Differently
     • Conclusion

  3. Why Do Anything Differently?
     • Adapt or die
     • “It’s infrastructure, duh…”
     • False prophets and magic security pixie dust
     • Most humans don’t speak Klingon
     • “There is nothing new under the sun” (Ecclesiastes)
     • Synthesizing ideas, canons, patterns from other disciplines helps you look at old problems in a new way…and find old solutions to new problems
     • Or start a revolution (e.g., OODA loop)

  4. Speaking Differently About Security
     • “Translation” is a key skill
     • Don’t be afraid to ask dumb questions
     • De-geek your speak
     • Everyone from end users to policymakers needs to understand security at some fundamental level
     • The importance of analogies and examples
       • Good old Alice and Bob…
       • “If only we had 300,000 Little Dutch Boys…”
       • “Family of five starves to death, locked out of refrigerator…”
       • “5 people or a billion people…”

  5. Thinking Differently About Security
     • We need to embrace principled – but not purist – thinking because the world isn’t perfect
       • … and neither is security
     • Thinking differently is enhanced/enabled by synthesizing concepts from other disciplines
       • Economics
       • Game theory
       • Biology
       • Military strategy and tactics
       • …

  6. Thinking Differently About Security
     • Economics rules the world
       • Systemic risk (cannot be diversified away)
       • Efficient resource allocation (time, money and people are always constrained)
       • “Crowding out effect”
       • Opportunity cost
       • Cost avoidance
       • Market signaling
       • Moral hazard

  7. Thinking Differently About Security
     • Game theory
       • Prisoner’s Dilemma
     • Biology
       • Chemical signaling/chemical defenses
       • Deception
     • Military strategy/tactics
       • Multiple applicable concepts

  8. The Network is the Battlefield (1)
     • Network centric warfare seeks to translate an information advantage, enabled in part by information technology, into a competitive advantage through the robust networking of well-informed, geographically dispersed forces
     • Major tenets of network centric warfare:
       • A robustly networked force improves information sharing;
       • Information sharing enhances the quality of information and shared situational awareness;
       • Shared situational awareness enables collaboration and self-synchronization, and enhances sustainability and speed of command; and
       • These, in turn, dramatically increase mission effectiveness
     (Source: Wikipedia)

  9. The Network is the Battlefield (2)
     • US (for example) is increasingly practicing information-centric warfare
     • Ability to get real-time information to warfighters requires connection of disparate systems
       • …potentially eliminating several natural defensive boundaries
       • …and forcing defense of the entire network
       • …leading to Isandlwana or Rorke’s Drift?
     • As warfighting increasingly relies upon an IT backbone, the network itself becomes the battlefield
       • Superior force-of-conventional-arms – hard to get
       • Superiority of cyber-arms – potentially easier
     • Attacker’s goal: disrupt the defender’s ability to wage war and prevent the use of information (or other) technology

  10. …Which May Favor Adversaries
     • Information (and information technology) is seen as a force multiplier, but can over-reliance become an Achilles’ backbone?
       • Technology is no longer a force multiplier if enemies can steal it
       • …or taint the information
     • Are network elements designed for their threat environment?
     • Lack of situational awareness on the network is an issue
       • Who is on the network? Friend or foe?
       • What is on the network?
       • What is my “mission readiness”?
       • What’s over the hill?
     “He who defends everything defends nothing.” – Frederick II

  11. Building Differently
     • Si vis pacem, para bellum (“If you want peace, prepare for war”)
     • “Who” we build
     • “What” we build

  12. Building Differently – Who We Build
     • Basic security education can’t start too early
       • “Look both ways before crossing the Internet…”
     • University curricula must change to reflect building of IT as infrastructure
       • …that will be attacked
       • …successfully in some cases
     • Security (design, defensibility, delivery…) is foundational just as structural engineering is foundational for physical infrastructure
     • Currently, vendors must educate every CS grad in basic, basic, basic security
       • …and spend millions fixing avoidable, preventable design and code defects

  13. Building Differently – Who We Build
     • We need cyber engineers much more than cyber SEALs
       • Especially since some terrain is indefensible…but shouldn’t be
     • How to do it
       • All CS and many related classes must embed and reinforce security concepts (just like structures!)
       • Red team/blue team as part of all CS classes
       • Accreditation bodies should force curricula change
       • Equivalent of EIT/PE (Engineer in Training / Professional Engineer licensure)?

  14. Building Differently – What We Build: Innately Defensible Software
     • The US Marine Corps is a lethal fighting force
       • But does not assume “no casualties and an unbreachable perimeter”
       • And Marines understand what is strategic to defend (e.g., Henderson Field)
       • “Every Marine a rifleman…”
     • Products must self-defend, every one of them
       • “Armed guards” will not work any better than bastion defenses, particularly as apps become collaborative
       • N devices should not require N defenders
     • Mentality shift in development: disallow every other possible future use (default deny) instead of allowing all possible future uses

  15. Building Differently – What We Build: Self-Aware Networks (1)
     • Lack of situational awareness is caused by lack of basic information
       • Who’s on my network?
       • What is on my network?
       • What is my “mission readiness” (performance, bandwidth, security posture)?
       • What is happening that I should be worried about?
     • Causes
       • No standards for what data is collected
       • No standards for format (though some contenders)
       • SIEM vendors can’t correlate non-existent data
       • Value add is the BI (business intelligence) component, not “translation services”

  16. Building Differently – What We Build: Self-Aware Networks (2)
     • Government could enforce such standards as a public good
       • Example: Transcontinental Railroad
     • Or find other ways (procurement, “certifications”) to force the market to provide situational awareness (e.g., SCAP, the Security Content Automation Protocol)
     • Could enable “dynamic redoubts”
       • Reconfiguring networks and products that go to “DEFCON-n” when under attack

  17. Building Differently – What We Build: Innately Defensible Data
     • Search (and-destroy) engines?
       • What data is where on my networks?
       • Options include report/retrieve/erase/destroy?
       • The corollary to information lifecycle management/data retention is what you should not have/use/keep
       • Can help with security/privacy housekeeping as well as data retention policy
     • More flexible access models?
       • Self-sealing/time-to-live (TTL) data
       • Narrow risk/attack vector through more contextual access (time of day/pattern of use/who do I think you are/what device are you using)
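The two ideas on this slide (a record that seals itself after a time-to-live, and a default-deny access decision driven by context rather than identity alone) plus the "disallow every other possible future use" mentality from slide 14 can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the presentation or from any Oracle product. The signal names, the policy thresholds (business hours, request-rate ceiling, identity-confidence floor) and the sample inventory are all assumptions made for the illustration.

```python
"""Added example: self-sealing (TTL) data plus default-deny contextual access.
All thresholds, field names and sample records are assumptions for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SealedRecord:
    """A record that carries its own time-to-live and explicit allow list."""
    name: str
    payload: bytes
    expires_at: datetime           # self-sealing: after this instant nobody gets the payload
    allowed_roles: frozenset       # allow list; every role not listed is denied


@dataclass(frozen=True)
class AccessContext:
    """The contextual signals the slide lists (assumed to come from authN and telemetry)."""
    principal: str
    role: str
    identity_confidence: float     # 0.0..1.0, e.g. derived from MFA strength ("who do I think you are")
    device_managed: bool           # "what device are you using"
    requests_last_hour: int        # "pattern of use"
    now: datetime                  # timezone-aware, UTC ("time of day")


# Assumed policy thresholds (illustrative, not from the presentation)
BUSINESS_HOURS_UTC = range(8, 18)
MAX_REQUESTS_PER_HOUR = 50
MIN_IDENTITY_CONFIDENCE = 0.8


def decide(record: SealedRecord, ctx: AccessContext) -> tuple[bool, str]:
    """Default deny: the request must pass every check to be allowed.
    Returns (allowed, reason) so denials can be logged with their cause."""
    if ctx.now >= record.expires_at:
        return False, "expired"
    if ctx.role not in record.allowed_roles:
        return False, "role not on allow list"
    if ctx.identity_confidence < MIN_IDENTITY_CONFIDENCE:
        return False, "identity confidence below threshold"
    if not ctx.device_managed:
        return False, "unmanaged device"
    if ctx.now.hour not in BUSINESS_HOURS_UTC:
        return False, "outside business hours"
    if ctx.requests_last_hour > MAX_REQUESTS_PER_HOUR:
        return False, "request rate anomalous for this principal"
    return True, "ok"


def read(record: SealedRecord, ctx: AccessContext) -> bytes:
    """The only path to the payload goes through decide()."""
    allowed, reason = decide(record, ctx)
    if not allowed:
        raise PermissionError(f"{record.name}: {reason}")
    return record.payload


def sweep(inventory: list[SealedRecord], now: datetime) -> dict[str, list[str]]:
    """The search-and-destroy half: report what is still live and which
    records are past their TTL and should be erased rather than kept."""
    expired = [r.name for r in inventory if now >= r.expires_at]
    live = [r.name for r in inventory if now < r.expires_at]
    return {"live": live, "destroy": expired}


# Constructed sample data
T0 = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
INVENTORY = [
    SealedRecord("payroll-q4", b"<payroll rows>", T0 + timedelta(hours=2), frozenset({"finance"})),
    SealedRecord("old-export", b"<stale dump>", T0 - timedelta(days=30), frozenset({"finance", "analyst"})),
]


def demo() -> list[tuple[str, bool, str]]:
    """Run one good request and four variations against the live record."""
    base = dict(principal="alice", role="finance", identity_confidence=0.95,
                device_managed=True, requests_last_hour=3, now=T0)
    rec = INVENTORY[0]
    cases = {
        "normal": AccessContext(**base),
        "wrong_role": AccessContext(**{**base, "role": "analyst"}),
        "byod": AccessContext(**{**base, "device_managed": False}),
        "after_ttl": AccessContext(**{**base, "now": T0 + timedelta(hours=3)}),
        "bulk_pull": AccessContext(**{**base, "requests_last_hour": 400}),
    }
    return [(label, *decide(rec, ctx)) for label, ctx in cases.items()]


if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{label:10} allowed={allowed} ({reason})")
    print(sweep(INVENTORY, T0))
```

The order of checks is deliberate: expiry is tested first so that a sealed record is refused even to a fully trusted caller, and every check returns a distinct reason so the denial, not just the grant, becomes situational-awareness data for the network.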

  18. Building Differently – What We Build: E-M-Based Networks
     • Fighter pilots “win” based on agility (Boyd’s energy-maneuverability (E-M) theory)
     • OODA (observe, orient, decide, act)
       • OODA was an air warfare concept that changed the face of war (notably in Gulf War I)
       • And has been applied to other disciplines
     • Is there applicability to cyber-offense and defense?
       • If targets are not static but evolving, it might

  19. “What Could Possibly Go Wrong?”
     • Driverless cars
       • … with profusion of “updateable” software
       • … married with GPS/user-specific location
     • Armaments with IP addresses
     • Electronic medical records
       • …much more broadly accessible/hackable than paper ones
     • “Child-proof hand grenades…”

  20. Summary
     • 90% of life is solving the right problem
     • We cannot improve cybersecurity by hiring more digital Dutch boys
     • We need to speak, think and act differently than what we are doing now
       • Which in turn requires cultivating one’s inner dilettante in a targeted way
     • The art of war has much to teach us about defending the network battlefield

  21. Remember
     • At Dawn We Slept… (Gordon W. Prange’s history of Pearl Harbor)

  22. Resources
     • War Made New by Max Boot
     • Boyd: The Fighter Pilot Who Changed the Art of War by Robert Coram
     • Engineers of Victory: The Problem Solvers Who Turned the Tide in the Second World War by Paul Kennedy
     • How Markets Fail: The Logic of Economic Calamities by John Cassidy
     • Prisoner’s Dilemma by William Poundstone
     • Carnage and Culture by Victor Davis Hanson

  23. Q & A
